CVE-2008-5374

Name of the Vulnerable Software and Affected Versions bash-doc versions 3.2 bash versions prior to 4.2 p37

Description The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the aliasconv.sh, aliasconv.bash, and cshtobash scripts. Multiple vulnerabilities in the bash package can lead to disruption of confidentiality, integrity, and availability of protected information, and exploitation can be done locally.

Recommendations For bash-doc version 3.2, consider restricting access to the aliasconv.sh, aliasconv.bash, and cshtobash scripts until a patch is available. For bash versions prior to 4.2 p37, update to version 4.2 p37 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable scripts until a patch is available.